On 2019-04-05 18:11, Jonathan S. Katz wrote: > + <para> > + We recommend using the <option>-W</option>, > <option>--pwprompt</option>, > + or <option>--pwfile</option> flags to assign a password to the database > + superuser, and to override the <filename>pg_hba.conf</filename> default > + generation using <option>-auth-local peer</option> for local > connections, > + and <option>-auth-host scram-sha-256</option> for remote connections. > See > + <xref linkend="client-authentication"/> for more information on client > + authentication methods. > + </para>
As discussed on hackers, we are not ready to support scram-sha-256 out of the box. So this advice, or any similar advice elsewhere, would need to recommend "md5" as the setting --- which would probably be embarrassing. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
